Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-02.txt

Warren Kumari <warren@kumari.net> Tue, 13 September 2016 17:52 UTC

In-Reply-To: <CF54BB94-80C9-4390-BABE-B4126A4AF457@vpnc.org>
References: <147378048323.23516.13638129997007497154.idtracker@ietfa.amsl.com> <CAHw9_i+GyZQZ_E5AWpSs2+Mu-ytAe=hQVy57d-G84nxPgvJzkA@mail.gmail.com> <CF54BB94-80C9-4390-BABE-B4126A4AF457@vpnc.org>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 13 Sep 2016 13:51:55 -0400
Message-ID: <CAHw9_iJCeL2emaOw52W6c2sxY_3wvx2=pbgZYUBUJNKQ+-SckQ@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/IQvfuq14dy8qpr8TO4nUZe3sVw0>
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-nsec-aggressiveuse-02.txt

On Tue, Sep 13, 2016 at 1:30 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> On 13 Sep 2016, at 9:03, Warren Kumari wrote:
>
>> The authors have attempted to integrate / incorporate all comments
>> received.
>
> ...and the draft is looking really good now.

Thank you - it's always nice to get positive feedback.

>
>> One of the main changes was suggested by Jinmei ("we might want to
>> follow the style of draft-ietf-dnsop-nxdomain-cut-04."), and resulted
>> in Section 6 - Benefits.
>
> It's nice to have it there in one place.
>

Yup, I really liked that suggestion - thanks to Jinmei for suggesting
this, and to Stephane and Shumon for draft-ietf-dnsop-nxdomain-cut-04.


>> I'd really appreciate a review of this section, especially the last 2
>> paragraphs (starting with):
>> "[ Editor note: There has been some discussion on if this document
>>    should discuss this attack and mitigation.  The authors think that
>>    this is useful / important, but some participants feel that it
>>    oversells the DoS mitigation benefit.  Please let us know if the
>>    below is helpful.  Also, the below description is not as clear as it
>>    could be - it's been tricky to balance readability, correctness and
>>    conciseness.  Text gratefully accepted... ]"
>
> Discussions of DoS attacks and mitigations get bogged down quickly; see, for
> example, the past year or two in the IPsecME WG. It is safe to assume that
> if a method prevents a type of DoS attack, attackers will find another way
> to mount the attack. The current wording describes one type of attack, and
> how this helps mitigate it. That's sufficient: you don't need to say "and
> therefore you SHOULD use this method to avoid attacks".

Thank you.
W

>
> --Paul Hoffman



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf